Central Bank of Ireland Regulatory and Supervisory Priorities 2025

These concerns are varied in nature, stretching from the influence of the unstable geopolitical environment on inflation and interest rates, to the danger posed to customer trust and safety through the rapidly evolving technological environment. The CBI links these wider threats to their influence on firms subject to the CBI’s supervision, and sets out the methods the CBI intends to use to ensure customers are protected in these relationships.

Key Supervisory Priorities for 2025

The CBI has framed its supervisory priorities around the regulator’s ultimate goal of protecting the market and customers within that market. To that end, the CBI focuses on the ways in which regulated firms can protect their business models, and ultimately their customers, from the external threats highlighted in the macro environment.

The foundation of the CBI’s priorities is the adoption by regulated firms of a more proactive, forward-looking approach to risk management. A specific example cited is the effective disclosure of both the benefits and risks of financial products to their customers, with particular note of the growing marketing of unregulated financial products such as crypto-assets.

The CBI is seeking to ensure that regulated firms have sufficient operational and financial resources to adapt to, or recover from, shocks originating from what the CBI describes as the unstable political, technological and environmental landscape. Again, the focus of the CBI is ensuring that regulated firms are structured in such a way to protect their customers in the event of such shocks. These shocks could originate in the market in the form of inflation shocks or interest rate changes, and would have a particular impact on those customers facing arrears.

The CBI will pay attention to the ability of firms to address operating framework deficiencies, particularly regarding the exercise of control over a company’s strategic direction. The CBI notes that certain multi-national corporations relinquish their decision-making powers to parent companies based outside of Ireland, in contravention of their authorisation requirements. Such structures will be closely scrutinised, in order to ensure that the CBI has sufficient oversight of the key decision-making body.

There will also be a focus on the rapid pace of technological change. Firms will be expected to invest in, and adapt to, the evolving demands of customers in their products, with cybersecurity, AI and maintenance of consumer trust paramount. Of related concern is the ability of regulated firms to adapt to the demands of the climate transition, with the CBI demanding firms ‘enhance their role’ in the transition.

Finally, the CBI will work to complete its transition to a new supervisory structure, which aims to facilitate a more collegiate relationship between regulated entities and the CBI. This will take the form of three sector-specific ‘Directorates’ supported by four horizontal directorates, focusing on a specific risk factor relevant to all regulated firms.

Cross-Sectoral Focus and Key Supervisory Activities

The CBI’s new supervisory structure is designed to focus on sector-specific issues in the first instance, with the regulated entity’s point of contact assigned based on their authorised activities. However, there are cross-sectoral priorities which will be forming a key part of the regulator’s activities over the coming two years. These will be undertaken with the primary goal of consumer protection through the promotion of well-regulated, efficient markets. Innovation will be encouraged where it is supported by sufficient resources and training.

The CBI will pay attention to the introduction of increasingly complex and highly speculative financial products. In the CBI’s view, these products become more prevalent through negligent or malicious advertising on social media, and their prevalence is compounded by the public’s generally low levels of financial literacy. The CBI expects any regulated entity dealing with such products to exercise extreme caution, and provide sufficient resources to aid potentially confused consumers in their interactions with them.

Operational resilience is a key focus in the CBI’s supervisory focus, as the CBI considers the application of the Digital Operational Resilience Act (“DORA”). To this end, the CBI will be monitoring the control that Irish boards exercise over the decision-making powers of the Irish company, on the principle that the board in Ireland should make all strategic decisions. The CBI will also consider the resources dedicated to the various operations located in Ireland. The CBI expects firms to have sufficient capability to support their most vulnerable customers in an unpredictable environment, and so this should be evident from their resourcing allocations in the State. The CBI will undertake extensive engagement with regulated entities who are within scope of DORA. Any such entity should already have brought their processes into compliance.

The report has also highlighted the risks posed by climate change to regulated entities, be that from rising costs, the implementation of new regulations, or the danger of conducting business in communities under climate pressure. The CBI notes that all regulated entities should be making a concerted effort not only to comply with relevant laws to the best of their ability, but to further enhance their role in the transition to net zero carbon emissions.

Sector-Specific Supervisory Strategies

Banks

• The CBI intends to assess asset and liability risk management frameworks within credit institutions, with an emphasis on the effective oversight of interest rate risk management. This will be accompanied by an assessment of credit risk management, encouraging proactive management of vulnerable portfolios.
• On the theme of operational resilience, the CBI will carry out an SSM Cyber-Resilience Thematic Review, and firms will be expected to complete IT Risk Questionnaires.
• The CBI will continue to carry out risk-based supervision, focusing on reviews of the data underpinning capital and liquidity planning, the effectiveness of strategic oversight from the board and the resolution of stressed debt in the system.

Payment Institutions / E-Money Institutions

• The CBI will assess the remediation actions taken by firms to address deficiencies highlighted during the 2023 Safeguarding Audit. The CBI will also enhance engagement with firms currently in breach of regulatory requirements, or those who have identified deficiencies in governance or control frameworks.
• The CBI will also work to ensure that firms’ risk and control frameworks are operating effectively and are prepared for unforeseen operational developments.

Retail Credit Firms and Credit Servicing Firms

• The CBI will conduct a thematic review of how firms are engaging with borrowers facing early arrears, with specific reference to the Supervisory Expectations issued in 2022 and 2023.
• Consumer research will be carried out to compare borrowers’ experiences of dealing with these firms, focusing particularly on trust. This will be accompanied by engagement with these firms to ensure they have sufficient resources to engage comprehensively with borrowers.

Credit Unions

• The goals for credit unions focus on the implementation of the outcomes of reviews carried out on credit union exempt services and into the lending framework, in line with Consultation Papers 148 and 125 respectively.
• The CBI will also work to implement new legislation for credit unions, and change the regulatory framework where necessary.

Implementation of New Regulatory Frameworks

The CBI has also noted the wide range of Irish and European regulation through which it will gain new powers of supervision over regulated entities. These range from the strictly financial, such as the Markets in Crypto-Assets (“MiCA”) Regulation to the generally applicable AI Act. Providers of credit transfers should be aware of the implementation of the requirements of the Instant Payments Regulation, preparation for which should be under way. However, there are some upcoming regulations to which all firms currently regulated should pay particular attention. DORA has been previously discussed, and in-scope firms should already have implemented the requirements.

The upcoming revision to the Consumer Protection Code (the “Code”) will seek to enhance consumer protection. The Code will be modernised to reflect issues currently affecting stakeholders, particularly the influence of multinational corporate structures on strategic management and the adoption and resourcing of innovative technologies. The Code will introduce guidance for firms on a “Securing Customers’ Interests Standard of Business”, aiming to give guidance on achieving many of the principles set out above. This, along with existing codes and regulations such as the Code of Conduct on Mortgage Arrears, will be integrated into a revised version of the Code. The CBI will also focus on increasing the accessibility of the Code, providing an online portal for regulated entities, and a “Consumer’s Guide to the Consumer Protection Code” for the public.

Specific Priorities for 2025

Outside of the supervisory and regulatory points already discussed, Governor Makhlouf in his Letter to the Minister for Finance points out certain priorities for the year ahead. These concern implementing the recommendations of the Enria review of the Fitness and Probity regime, which focus on clarity of supervisory expectations, governance of the process of supervision and the fairness, efficiency and transparency of that supervision. This review of the CBI’s own process will be accompanied by an assurance that regulated entities are continuing to embed the Individual Accountability Framework in their business practices.

Next Steps

Regulated entities should consider their decision-making structure to ensure that all relevant decisions are made in Ireland. They should ensure compliance with recently introduced regulation while awaiting the publication of upcoming frameworks. There are multiple references in the report to the carrying out of ‘assessments’ on a variety of entities, so preparation should be made for pro-active engagement with the regulator on relevant issues. Finally, firms should satisfy themselves that those aspects of their dealings experiencing rapid evolution, either technological or otherwise, are well-resourced and meeting customer expectations.